Share on facebook
Share on twitter

Free Or Paid SSL Certificate Setup for  WordPress on Google Cloud

Want to Install SSL Certificate for a WordPress website on Google Cloud ?

Don”t worry, I am here to help you.

In this Guide you will learn about four types of SSL certificate configuration for your WordPress site on Google Cloud.

Scenario 1.

You don’t have any SSL certificate, and want a Free auto renewal letsencrypt SSL certificate.

Scenario 2.

You don’t have any SSL certificate, and want a 90 days Free Comodo SSL certificate.

Scenario 3.

You want to buy  an SSL certificate, and install it on your Google Cloud.

Scenario 4.

You already  have an SSL certificate for your domain, and want to install it on your new Google Cloud WordPress.

If you are using Bitnami WordPress on Google Cloud, you can view this SSL certificate tutorial.

Basic SSL FAQs

  1. What is SSL?
  2. Why you need SSL?
  3. Free vs Paid SSL.

Join Us

Facebook

Twitter

YouTube

Want Exclusive Tutorials?

Tutorial Steps

To Complete this tutorial, you should already have,

  1. Installed  WordPress on Google Cloud .
  2. Configured a Domain name.
  3. Reserved a Static IP.

You can follow that tutorial here to complete those steps.

Scenario 1#.

Free auto renewal letsencrypt SSL Certificate Setup for WordPress on Google Cloud:

Let’s Encrypt SSL certificates that are just as secure as current paid certificates. But if your site processing credit cards or transmitting sensitive information (such as an e-commerce site), or has a user login section, you should only use a paid Sectigo certificate. This will ensure your users that the connection is valid and secure.

There are couple of steps in this tutorial.

  1. Install certbot
  2. Generate Lets Encrypt certificate.
  3. Configure your apache server.
  4. Configure your WordPress
  5. Set up Auto Renewal. (optional)
  6. Setup Redirects. ( Optional )
  7. Troubleshooting.   

1.# Install certbot

Open your Google Cloud console and click on the hamburger logo.

After that hover on Compute Engine  and Click on VM Instances.

Click on SSH to open the terminal. You also can use Putty terminal. I already wrote a tutorial on putty. Click Here to visit it.

Now copy and paste it on your SSH terminal. It will install certbot on you Google Cloud linux server.

sudo apt-get install -y certbot python-certbot-apache -t stretch-backports

Here you  I am installing certbot on my Google Cloud WordPress Server.

2.# Generate Lets Encrypt certificate.

After installing Certbot, You need to generate Let’s Encrypt Certificate.

Copy this command and paste it on your terminal.

sudo certbot certonly --webroot -w /var/www/html/ -d your-domain-name -d www.your-domain-name 

Here I generate SSL certificate for my siteyaar.tk domain. In the bottom section of the image you can find the file directories where the SSL certificate files are stored. 

3 .# Configure your apache server.

In this section you will learn about how to setup apache server conf file.

You have to enable Mod_ssl and also give permissions to view your website through 443 port.

To edit default-ssl.conf go to your google cloud terminal, and paste the command below.

sudo nano /etc/apache2/sites-available/default-ssl.conf

Paste the following lines of code in order to give permission to your web files through  HTTPS port 443.

<Directory /var/www/html/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>

After that , scroll down by pressing down arrow of your keyboard and Place a # sign before “SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem”
“SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key”  those two files.

Here I Place a # sign before those two lines.

After that Place those lines to enable your let’s encrypt Certificate.

SSLCertificateFile "/etc/letsencrypt/live/your-domain-name/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/your-domain-name/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/your-domain-name/chain.pem"

To save the default-ssl.conf file press ctrl+o then ctrl+x or ctrl+x >> y >> enter.

To take effect  of your certificate changes , you need to update and restart your Apache server by executing all three of the commands listed below.

sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 restart

Now open your website on your browser. Https://your-domain-name.

If any thing goes wrong just place a comment. I will help you. 

4.# Configure your WordPress.

Now login to  your WordPress and change the http to https. Then click save.

Here I changed my http://siteyaar.tk  to https://siteyaar.tk.

Congratulation you successfully install Let’s encrypt SSL certificate.

If you want to setup redirects eg. suppose anyone  visit http version of your site they will automatically redirect to https. To learn more click here.

5.# Set up Auto Renewal.

Those steps are optional. If  you to setup auto renewal function then follow the steps.

To setup your crontab file, execute the following command:

sudo crontab -e

Choose 1 to edit your crontab file with nano editor.

Then the place the following lines below:

* 3 * * 6 certbot renew && /etc/init.d/apache2 restart

The first section of the code” * 3 * * 6 ” tell your server to check for certificate renewals once per week at 3 am , and to automatically renew the certificates if they are about to expire. After adding the script, save the crontab file by pressing CTRL + X, then Y, then Enter.

Scenario 2#.

Free Comodo SSL Certificate Setup for WordPress on Google Cloud:

If want to install 90 DAYS Free Comodo Sectigo SSL certificate, then you have to follow the steps below to active and install your SSL certificate.

This tutorial is also valid for paid Comodo SSL / Namecheap SSL Certificate etc. installation.

To setup this type of SSL certificate you have to create  csr and key file using openssl.

Open your Google cloud console account on your browser. Go to Compute Engine >> VM Instances.

Click on the SSH to open cell terminal. You also can use Putty.

Follow the blog post to setup Putty on Your Google Cloud.

Execute this command:

cd /etc/apache2/sites-available

Here I want to create key and csr file in this directory /etc/apache2/sites-available. You can also use or create different directory.

To generate CSR and Key file , execute this Command below:

sudo openssl req -new -newkey rsa:2048 -nodes -keyout siteyaat_tk.key -out siteyaar_tk.csr

Change siteyaar_tk to your domain name.

Now you have to enter some informations to generate key and csr files.

Here an example for  siteyaar.tk

Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:WB
Locality Name (eg, city) []:KOLKATA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []: BLANK
Common Name (e.g. server FQDN or YOUR name) []:siteyaar.tk OR www.siteyaar.tk 
Email Address []:[email protected]
 
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:BLANK
An optional company name []:BLANK

Choose Common Name carefully. If your site name is eg. siteyaar.com then type siteyaar.com. If your site name is www.siteyaar.com then place www.siteyaar.com.

Open nano editor and copy the lines of you csr file.Here the command:
sudo nano /etc/apache2/sites-available/siteyaar_tk.csr
Now visit https://ssl.comodo.com/free-ssl-certificate and create an account.  

Paste the CSR code into the box and Select Apache-ModSSL.

If you already setup your email address then go for the email method.

Here I showed you an alternative method for Domain Control Validation.

Select the Http CSR Hash.

For domain Control Validation you have to create a text file with the name of  MD5 value. 

Click on Show Alternative DCV information , Then click HTTP CSR Hash. Copy the text.

Now create .well-known/pki-validation directorics by executing this command:

sudo mkdir -p /var/www/html/.well-known/pki-validation

After this create a txt file using the name of MD5 value.

sudo nano /var/www/html/.well-known/pki-validation/your-MD5-value.txt

Paste the code and save it by pressing CTRL +X  Then Y Then ENTER.

Here I Complete DCV  For siteyaar.tk. You will receive the SSL Certificate on your register email address.

As you can see Here I receive the SSL certificate.  

Download it and unzip it.

On you SSH terminal, Click on Upload file. After that Upload the two files.

As you can see the uploaded files are stored in home/myserver-name.

Now move the files to /etc/apache2/sites-available directory.

Execute this Command:

sudo mv /home/your-server-name/your-domain.crt /etc/apache2/sites-available
sudo mv /home/your-server-name/your-domain.ca-bundle /etc/apache2/sites-available

Apache does not have the permission to use those SSL files you have give permission by executing the command below.

sudo chmod a+x /etc/apache2/sites-available/siteyaar_tk.key /etc/apache2/sites-available/siteyaar_tk.crt /etc/apache2/sites-available/siteyaar_tk.ca-bundle

By default Google click to deploy wordpress does not come with pre-configure Https.

To access you web file through https on port 443, You have to edit the default-ssl.conf

To edit default-ssl.conf go to your google cloud terminal, and paste the command below.

sudo nano /etc/apache2/sites-available/default-ssl.conf

Paste the following lines of code in order to give permission to your web files through  HTTPS port 443.

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

After that , scroll down by pressing down arrow of your keyboard and Place a # sign before “SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem”
“SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key”  those two files.

Here I Place a # sign before those two lines.

After that Place those lines to enable your COMODO SeCtigo SSL Certificate.

SSLCertificateFile "/etc/apache2/sites-available/your-domain-name.crt"
SSLCertificateKeyFile "/etc/apache2/sites-available/your-domain-name.key"
SSLCertificateChainFile "/etc/apache2/sites-available/your-domain-name.ca-bundle"

To take effect  of your certificate changes , you need to update and restart your Apache server by executing all three of the commands listed below.

sudo a2enmod ssl
sudo a2ensite default-ssl
sudo service apache2 restart

Scenario 3#.

Paid Premium SSL Certificate Setup for WordPress on Google Cloud:

It is the same steps you followed in the previous guide.

If you need help just drop a comment.

Scenario 4#.

Move and Setup SSL Certificate for WordPress on Google Cloud:

If you already had an SSL certificate Which is installed in another server. Then this guide will help you.

To install your old SSL certificate on Google Cloud WordPress , you have to move your Old KEY , CRT , CA-BUNDLE files to Google Cloud.

Drop A comment if you need help.

Here I downloaded KEY, CRT, CA-BUNDLE file from my previous server.

Go to you ssh terminal click on the setting icon on the right top corner. Then click on upload. Upload you three files which you downloaded from your old server.

Your uploaded files will be store in /home/your-account=name.

Now move those three files to a different directory.I move my files to /etc/apache2/sites-available.Here the Command:
sudo mv /home/your-server-name/your-domain.crt /etc/apache2/sites-available
sudo mv /home/your-server-name/your-domain.ca-bundle /etc/apache2/sites-available
sudo mv /home/your-server-name/your-domain.key /etc/apache2/sites-available
You can create new folder by using mkdir command.

This step is very crucial. Your google cloud wordpress (apache) server does not have the permission to access those files.

Execute this command.

 

sudo chmod a+x /etc/apache2/sites-available/siteyaar_tk.key /etc/apache2/sites-available/siteyaar_tk.crt /etc/apache2/sites-available/siteyaar_tk.ca-bundle

Change siteyaar_tk to your SSL certificate files name.

Now click here . And follow the instruction from scenario 2.

Redirect Configuration for WordPress on Google Cloud:

This step is optional. If you want permanent 301 redirect only then follow it.

What is Redirect ?

Suppos, your website name is www.example.com but some one open example.com, Redirect configuration will automatically redirect that user to www.example.com.

To configure redirect you have to place some code in 000-default.conf and default-ssl.conf.

Important: If you want to use cloudflare cdn then first visit the troubleshooting section.

Http to Https Redirect:

Every user will automatically redirect to Https version of you site.

eg. http://example.com to https://example.com.

Edit 000-default.conf  using nano.

sudo nano /etc/apache2/sites-available/000-default.conf

Then paste those lines below:

RewriteEngine On
#Enable HTTP to HTTPS redirection
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

Http Non-www to Https www Redirect:

Every user will automatically redirect non-www to Https www version of you site.

eg. http://example.com to https://www.example.com.

Edit 000-default.conf  using nano.

sudo nano /etc/apache2/sites-available/000-default.conf

Then paste those lines below:

RewriteEngine On
#Enable HTTP to HTTPS redirection
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
#Enable non-www to www redirection
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]

Edit default-ssl.conf  using nano.

sudo nano /etc/apache2/sites-available/default-ssl.conf.conf

Then paste those lines below:

RewriteEngine On
#Enable non-www to www redirection
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]

Http Www to Https non-www Redirect:

Every user will automatically redirect www to Https non-www version of you site.

eg. http://www.example.com to https://example.com.

Edit 000-default.conf  using nano.

sudo nano /etc/apache2/sites-available/000-default.conf

Then paste those lines below:

RewriteEngine On
#Enable HTTP to HTTPS redirection
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
#Enable www to non-www redirection
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]

Edit default-ssl.conf  using nano.

sudo nano /etc/apache2/sites-available/default-ssl.conf.conf

Then paste those lines below:

RewriteEngine On
#Enable www to non-www redirection
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ https://%1$1 [R=permanent,L]
An Example:

Just like this image you need to edit both 000-default.conf  & default-ssl.conf files.

TroubleShooting:

Cloudflare Problem:

If you use  http to https redirect while using cloudflare,this will create some problems.

You may not able to access your website.

To solve this problem you have to disable http to https redirect. Though you can use  non-www to www  and www to non-www  redirect.

Don’t use this codes or disable this codes by place a # sing.

# BEGIN: Enable HTTP to HTTPS redirection
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]

Too many Redirects:

After following this long tutorial, you open your website and saw “Too many redirects”.

I am sure you will be mad at me. Don’t worry I am here! LOL.

Why Too many Redirects ?

If you setup two different redirects on same website (url) eg. one pointing http to https and another https to http or one pointing http to https www and another https www to http , this will create a loop.

You browser going from http to https  then https to http >> http to https ….. infinity . When this happens you will see “too many redirects” error screen.

How to solve?

For http to https redirect  change the WordPress Address URL and Site Address Url to https://.

For http non-www to https www redirect  change the WordPress Address URL and Site Address Url to https://www.

For http www to https non www redirect  change the WordPress Address URL and Site Address Url to https://.

Now it is you time!

I tried my best to provide you a complete tutorial on SSL for you Google Cloud WordPress. I hope you liked it.

If you need help just drop a comment.

If you benefited from this tutorial, and would like to support my work, please like my Facebook page.

Thanks,

If you like our content, please consider buying us a coffee. Thank you for your support!

2 thoughts on “Free Or Paid SSL Certificate Setup for WordPress on Google Cloud Platform”

  1. Hello i have installed many times certificate of letsencript
    Now im unable to install it say many request comes from exact same domain

    Plz help me its urgent

Leave a Comment

Your email address will not be published. Required fields are marked *